Replace nokogiri with pure-ruby xml library

Question

Replace nokogiri with pure-ruby xml library

Closed this issue 3 years ago · 1 comments

We currently use nokogiri for xml processing which carries native compilation cost and also libxml dependency which has a vulnerability (even though the vulnerable feature doesn't impact ruby_aem) https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-20299 .

Since our use case for xml processing is actually simple, we need to look at alternatives such as REXML https://medium.com/tech-batoora/xml-50488ec69b20 , which is pure-ruby and eliminates the nokogiri native compilation cost and the 2-year old vulnerability.

Answer 1 · 2021-09-29T05:32:06.000Z

Closing this issue since this feature has been released as part of version 3.1.0 .